diff --git a/rules/windows/builtin/win_susp_dhcp_config_failed.yml b/rules/windows/builtin/win_susp_dhcp_config_failed.yml
index 527857d15..0e718b697 100644
--- a/rules/windows/builtin/win_susp_dhcp_config_failed.yml
+++ b/rules/windows/builtin/win_susp_dhcp_config_failed.yml
@@ -9,10 +9,10 @@ date: 2017/05/15
 tags:
     - attack.defense_evasion
     - attack.t1073
-author: Dimitrios Slamaris
+author: "Dimitrios Slamaris, @atc_project (fix)"
 logsource:
     product: windows
-    service: dhcp
+    service: system
 detection:
     selection:
         EventID: